What Makes a Strong Password?
Password strength is determined by two factors: length and character variety. A 16-character password using all four character types (uppercase, lowercase, numbers, symbols) has approximately 10²⁸ possible combinations — even the fastest computers cannot crack it by brute force within a human lifetime.
| Length | Characters | Combinations | Strength |
|---|---|---|---|
| 8 | Lower only | 208 billion | Weak |
| 12 | Lower + Upper + Nums | 3.2 × 10²¹ | Good |
| 16 | All four types | 10²⁸ | Very Strong |
| 24 | All four types | 10²⁸⁺ | Extremely Strong |
How Our Generator Works
Unlike simple Math.random()-based generators, our password generator uses window.crypto.getRandomValues() — the Web Crypto API built into all modern browsers. This generates true cryptographic randomness seeded from hardware entropy. Each character is selected independently using an unbiased modulo operation on 32-bit random integers.
🔒 Your password never leaves your device. Generation happens entirely in your browser — no network request is made and no password is ever stored or transmitted.
Password Security Best Practices
- Use a unique password for every account — reusing passwords across sites is the most common cause of account compromise
- Use a password manager (1Password, Bitwarden, KeePass) to securely store generated passwords
- Enable 2FA wherever possible — a second factor protects your account even if your password is compromised
- Minimum 12 characters for regular accounts; 20+ for banking, email and work accounts
- Never share passwords via email, SMS or chat — use a proper credential-sharing feature in your password manager
🔐 Generate a cryptographically secure password — customise and copy in one click
Open Password Generator →